Nearly half of New Zealand businesses are unprepared to prevent or mitigate cyber threats, with our primary industries being the least prepared.
That's the verdict of the Cyber Security NZ SME Landscape 2015 report, commissioned by Vodafone and undertaken by the head of the University of Waikato's Cyber Security Lab, Dr Ryan Ko, in conjunction with Colmar Brunton.
While 56% of the 500 companies surveyed had experienced IT security attacks at least once a year, 45% felt their business did not have adequate tools and policies in place to prevent or mitigate the increasingly advanced and sinister threats.
Colin James, Vodafone head of security, says the statistics are 'pretty alarming across the board' but notes that for primary industries (construction, trades services, agriculture, forestry and fisheries) it is particularly concerning, given their huge importance to the local economy.
James says the telco is seeing a marked increase in the number of attacks within New Zealand.
“Geographical isolation isn't a safety net against threats,” James says.
“Gone are the days when all you needed was a firewall or virus scan to secure your company's private data.
“Threats are becoming more sinister and advanced in their capability; the players are the same, but the tools they have access to have evolved astronomically.”
Rapid increases in mobility mean businesses must now grapple with securing information outside of the business environment.
The report notes that 83% of lost smartphones in 2014 resulted in compromised business data, but despite these statistics, six out of 10 companies have no plans to increase their investment in IT security.
“Business leaders and IT managers need to re-evaluate where information is sitting these days; who has access to it and what security policies they have in place to protect against and prevent attacks,” says James.
He says the future of true cyber security lies with the vigilance of IT decision-makers to ensure their systems are capable, and network providers to build more intelligent infrastructure capable of acting on threats to protect not only an individual users, but the overall integrity of the network.
“We need to ensure information is protected, regardless of where it resides.
“Intelligent networks operate by understanding what devices are connected to it, who is using those devices, who and what they're communicating with and what they're talking about.
“Without this intricate knowledge, businesses run the risk of creating chinks in their armour and opening themselves up for attack.”